Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Fix


  • Please log in to reply
32 replies to this topic

#1 randec

randec

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 20 December 2011 - 03:28 AM

My problem started weeks ago. I received error messages on my computer consistent with those associated with the system fix malware package, and identical to screen shots posted on this site. I've run TDSKiller, MBAM, and RKill. I also edited a few registry values so that I may use my start menu and desktop icons, though I'm unable to remember which exactly I edited. I also ran defogger. I'm sorry if that makes it harder on you guys but I'm used to being able to solve this kind of thing by myself, I actually (foolishly) consider it a matter of personal pride. ***EDIT*** Also, it's worth nothing that I'm currently not receiving any browser redirects, am able to see my desktop icons, and able to see programs in my start menu. I'm also (seemingly) able to run all anti-virus tools without them closing on me. Some of the symptoms of the infections seemed to be relieved by simply inserting my windows installation disk.***EDIT*** I'm running Windows 7 Home Premium x64. My DDS log is as follows.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by rob at 3:17:13 on 2011-12-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2967 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [NaAlgcphpofdVU.exe] C:\ProgramData\NaAlgcphpofdVU.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F05E3729-D87E-430A-B023-128CD4DDC954} : DhcpNameServer = 75.75.76.76 75.75.75.75
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [NaAlgcphpofdVU.exe] C:\ProgramData\NaAlgcphpofdVU.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\ap3ji7so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-13 42184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-15 20:27:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B0ECD49-9123-46C6-8051-AD506C624A63}\offreg.dll
2011-12-15 18:52:48 -------- d-----w- C:\Users\rob\AppData\Roaming\Malwarebytes
2011-12-15 18:52:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-15 18:52:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-15 18:52:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-29 19:09:38 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B0ECD49-9123-46C6-8051-AD506C624A63}\mpengine.dll
2011-11-22 07:52:26 -------- d-----w- C:\Users\rob\AppData\Local\Chromium
.
==================== Find3M ====================
.
2011-11-11 17:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 3:18:43.27 ===============


Thank you sooooo much in advance for any help you can offer.

***EDIT #2***

I've been unable to connect the infected PC to the internet until tonight. I promptly took the opportunity to update my MWBAM definitions and ran a scan. The log is as follows.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8401

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/20/2011 3:58:05 AM
mbam-log-2011-12-20 (03-58-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 322881
Time elapsed: 28 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\rob\AppData\LocalLow\Sun\Java\deployment\cache\6.0\42\1b0357aa-30dd7490 (Trojan.FakeAlert) -> No action taken.

Edited by randec, 20 December 2011 - 04:15 AM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:58 PM

Posted 26 December 2011 - 03:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433520 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 randec

randec
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 26 December 2011 - 11:45 AM

Yes, please! I do still very much need help and would still be VERY appreciative to the person willing and able to offer it. I do have my windows install disk available. I'm not experiencing many symptoms anymore, I do have a login name I don't recognize and get an error message when I try to delete suspicious files.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by rob at 11:36:27 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2971 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [NaAlgcphpofdVU.exe] C:\ProgramData\NaAlgcphpofdVU.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [NaAlgcphpofdVU.exe] C:\ProgramData\NaAlgcphpofdVU.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\ap3ji7so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-13 42184]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-26 16:30:10 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B0ECD49-9123-46C6-8051-AD506C624A63}\offreg.dll
2011-12-15 18:52:48 -------- d-----w- C:\Users\rob\AppData\Roaming\Malwarebytes
2011-12-15 18:52:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-15 18:52:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-15 18:52:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-29 19:09:38 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B0ECD49-9123-46C6-8051-AD506C624A63}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-11 17:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:36:54.39 ===============

#4 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:58 AM

Posted 26 December 2011 - 05:51 PM

Hi,

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#5 randec

randec
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 26 December 2011 - 09:41 PM

ComboFix 11-12-26.03 - rob 12/26/2011 21:23:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2982 [GMT -5:00]
Running from: c:\users\rob\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
c:\users\rob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 02:26 . 2011-12-27 02:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 18:52 . 2011-12-15 18:52 -------- d-----w- c:\users\rob\AppData\Roaming\Malwarebytes
2011-12-15 18:52 . 2011-12-15 18:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 18:52 . 2011-12-15 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-15 18:52 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 19:09 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B0ECD49-9123-46C6-8051-AD506C624A63}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 17:10 . 2011-05-13 16:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-13 06:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 06:11 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:24 . 2011-11-09 19:02 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:09 . 2011-11-09 19:02 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 12:16]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 12:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2010-10-29 53760]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\ap3ji7so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-NaAlgcphpofdVU.exe - c:\programdata\NaAlgcphpofdVU.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2011-12-26 21:32:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 02:32
.
Pre-Run: 556,572,962,816 bytes free
Post-Run: 556,751,974,400 bytes free
.
- - End Of File - - 9080EBD44078A5AFB1A044AAE4EEEBEA


My computer restarted abruptly during the scan. When it had started again avast was active in the taskbar despite the fact that I believe I had disabled it earlier.

***EDIT***

I forgot to say THANK YOU. Thank you, thank you, thank you!

Edited by randec, 26 December 2011 - 11:26 PM.


#6 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:58 AM

Posted 27 December 2011 - 10:04 AM

Hi,

That looks a lot better. :)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#7 randec

randec
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 27 December 2011 - 12:27 PM

TFC ran without any problems and restarted the machine without incident.

MWBAM found no infections present. The report is as follows.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122703

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/27/2011 12:21:50 PM
mbam-log-2011-12-27 (12-21-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 326475
Time elapsed: 33 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Yes sir, it is looking quite a bit better! :) Thanks to you!

*** EDIT ***

I ran Rkill and received the following message...


Rkill was run on 12/27/2011 at 12:28:59.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 12/27/2011 at 12:29:03.

Edited by randec, 27 December 2011 - 12:31 PM.


#8 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:58 AM

Posted 27 December 2011 - 01:20 PM

Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe

That's nothing to worry about.




Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#9 randec

randec
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 27 December 2011 - 02:45 PM

I've taken the steps you recommended and I will keep your advice in mind in the future.

Thank you so much for all your help Gammo. If there is anything I can do to be of service to you please do not hesitate to ask.

#10 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:58 AM

Posted 27 December 2011 - 02:56 PM

You're very welcome. :thumbup2:

Thank you so much for all your help Gammo. If there is anything I can do to be of service to you please do not hesitate to ask.

You could make a donation if you want (see my signature).

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#11 randec

randec
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 27 December 2011 - 03:09 PM

You certainly deserve one. I'll see what I can do.

Rkill terminated the following process...

Rkill was run on 12/27/2011 at 15:07:10.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files\AVAST Software\Avast\defs\11122601\Sf.bin


Rkill completed on 12/27/2011 at 15:07:26.

Is that another false positive? I'm sorry but this was a very nasty infection I just want to be sure this ordeal is over.

#12 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:58 AM

Posted 27 December 2011 - 03:17 PM

Yes, it's a false positive as well.

It's definitely not malware. It's part of Avast (your anti-virus).

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#13 randec

randec
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 30 December 2011 - 11:41 AM

My PC is still acting up. I'm thinking a backdoor or something must have been installed by the first infection as I'm now showing new trojans on my PC during a scan with MWBAW and I'm showing a ton of redirects, false scan results etc. This time they are all entitled win 7 security 2012. DDS log is as follows, please advise.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by rob at 11:33:09 on 2011-12-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.3006 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F05E3729-D87E-430A-B023-128CD4DDC954} : DhcpNameServer = 75.75.76.76 75.75.75.75
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\ap3ji7so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-13 42184]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-27 17:02:29 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{759D7993-42F6-438D-8B22-E84B5DC382BE}\mpengine.dll
2011-12-27 17:01:34 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-27 17:01:02 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-27 17:01:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-27 02:28:06 -------- d-----w- C:\$RECYCLE.BIN
2011-12-15 18:52:48 -------- d-----w- C:\Users\rob\AppData\Roaming\Malwarebytes
2011-12-15 18:52:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-15 18:52:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-15 18:52:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-11 17:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 11:34:55.76 ===============

= (

#14 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:58 AM

Posted 30 December 2011 - 12:09 PM

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now





Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.





Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image





Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Edited by Gammo, 30 December 2011 - 12:14 PM.

Posted Image

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware! Posted Image


#15 randec

randec
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 30 December 2011 - 01:25 PM

Here are the logs you requested. My display keeps shutting off, my screen will just go black with no response from my PC. I have to reboot my PC to be able to see anything and even then it's all messed up with wavy lines across the screen, screen resolution messed up etc. It's very hard to see right now. Combofix fixed the screen problem after I ran that, but I don't want to run it twice unless you say to. During my TDSSkiller scan the display shut off as well....

ComboFix 11-12-30.01 - rob 12/30/2011 12:41:26.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2967 [GMT -5:00]
Running from: c:\users\rob\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 17:44 . 2011-12-30 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-27 17:02 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{759D7993-42F6-438D-8B22-E84B5DC382BE}\mpengine.dll
2011-12-27 17:01 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-27 17:01 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 17:01 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-15 18:52 . 2011-12-15 18:52 -------- d-----w- c:\users\rob\AppData\Roaming\Malwarebytes
2011-12-15 18:52 . 2011-12-15 18:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 18:52 . 2011-12-15 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-15 18:52 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 19:29 . 2010-11-03 18:40 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-11 17:10 . 2011-05-13 16:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 12:16]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 12:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2010-10-29 53760]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\ap3ji7so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2011-12-30 12:48:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 17:48
.
Pre-Run: 560,957,566,976 bytes free
Post-Run: 560,482,299,904 bytes free
.
- - End Of File - - A53768F39C22AD45C2028DE7605E65F7

13:09:28.0057 1172 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:09:28.0416 1172 ============================================================
13:09:28.0416 1172 Current date / time: 2011/12/30 13:09:28.0416
13:09:28.0416 1172 SystemInfo:
13:09:28.0416 1172
13:09:28.0416 1172 OS Version: 6.1.7600 ServicePack: 0.0
13:09:28.0416 1172 Product type: Workstation
13:09:28.0416 1172 ComputerName: HAL
13:09:28.0416 1172 UserName: rob
13:09:28.0416 1172 Windows directory: C:\Windows
13:09:28.0416 1172 System windows directory: C:\Windows
13:09:28.0416 1172 Running under WOW64
13:09:28.0416 1172 Processor architecture: Intel x64
13:09:28.0416 1172 Number of processors: 4
13:09:28.0416 1172 Page size: 0x1000
13:09:28.0416 1172 Boot type: Normal boot
13:09:28.0416 1172 ============================================================
13:09:29.0352 1172 Initialize success
13:09:34.0750 2408 ============================================================
13:09:34.0750 2408 Scan started
13:09:34.0750 2408 Mode: Manual; SigCheck; TDLFS;
13:09:34.0750 2408 ============================================================
13:09:35.0717 2408 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:09:35.0904 2408 1394ohci - ok
13:09:35.0935 2408 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:09:35.0951 2408 ACPI - ok
13:09:35.0951 2408 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:09:35.0982 2408 AcpiPmi - ok
13:09:36.0013 2408 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:09:36.0029 2408 adp94xx - ok
13:09:36.0060 2408 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:09:36.0060 2408 adpahci - ok
13:09:36.0076 2408 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:09:36.0091 2408 adpu320 - ok
13:09:36.0138 2408 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:09:36.0201 2408 AFD - ok
13:09:36.0216 2408 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:09:36.0232 2408 agp440 - ok
13:09:36.0247 2408 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:09:36.0263 2408 aliide - ok
13:09:36.0279 2408 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:09:36.0294 2408 amdide - ok
13:09:36.0294 2408 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:09:36.0325 2408 AmdK8 - ok
13:09:36.0435 2408 amdkmdag (8d8d3e85efd9dd9718f879a49f9180a4) C:\Windows\system32\DRIVERS\atikmdag.sys
13:09:36.0544 2408 amdkmdag - ok
13:09:36.0559 2408 amdkmdap (b5ec8aef50fe15b294ebc6aa3bda1be6) C:\Windows\system32\DRIVERS\atikmpag.sys
13:09:36.0591 2408 amdkmdap - ok
13:09:36.0591 2408 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:09:36.0622 2408 AmdPPM - ok
13:09:36.0653 2408 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:09:36.0669 2408 amdsata - ok
13:09:36.0684 2408 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:09:36.0684 2408 amdsbs - ok
13:09:36.0731 2408 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:09:36.0731 2408 amdxata - ok
13:09:36.0747 2408 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:09:36.0793 2408 AppID - ok
13:09:36.0825 2408 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:09:36.0840 2408 arc - ok
13:09:36.0871 2408 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:09:36.0871 2408 arcsas - ok
13:09:36.0934 2408 aswFsBlk (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\Windows\system32\drivers\aswFsBlk.sys
13:09:37.0043 2408 aswFsBlk - ok
13:09:37.0074 2408 aswMonFlt (f3e75dd1bcc358fb4629357ad09e7c84) C:\Windows\system32\drivers\aswMonFlt.sys
13:09:37.0074 2408 aswMonFlt - ok
13:09:37.0090 2408 aswRdr (fccbdc045dc12afd1508205117e7ed11) C:\Windows\system32\drivers\aswRdr.sys
13:09:37.0105 2408 aswRdr - ok
13:09:37.0121 2408 aswSnx (5824dca602a0a30e866bc2ac98c6d970) C:\Windows\system32\drivers\aswSnx.sys
13:09:37.0137 2408 aswSnx - ok
13:09:37.0152 2408 aswSP (af07b4bef920f90205148f3a05e2974c) C:\Windows\system32\drivers\aswSP.sys
13:09:37.0168 2408 aswSP - ok
13:09:37.0183 2408 aswTdi (a3eca5af3b4823a523c285a8df0f9e4f) C:\Windows\system32\drivers\aswTdi.sys
13:09:37.0183 2408 aswTdi - ok
13:09:37.0199 2408 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:09:37.0246 2408 AsyncMac - ok
13:09:37.0261 2408 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:09:37.0277 2408 atapi - ok
13:09:37.0293 2408 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:09:37.0308 2408 AtiPcie - ok
13:09:37.0355 2408 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:09:37.0386 2408 b06bdrv - ok
13:09:37.0417 2408 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:09:37.0449 2408 b57nd60a - ok
13:09:37.0464 2408 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:09:37.0495 2408 Beep - ok
13:09:37.0527 2408 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:09:37.0558 2408 blbdrive - ok
13:09:37.0605 2408 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:09:37.0651 2408 bowser - ok
13:09:37.0667 2408 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:09:37.0683 2408 BrFiltLo - ok
13:09:37.0698 2408 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:09:37.0698 2408 BrFiltUp - ok
13:09:37.0729 2408 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:09:37.0745 2408 Brserid - ok
13:09:37.0761 2408 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:09:37.0792 2408 BrSerWdm - ok
13:09:37.0807 2408 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:09:37.0839 2408 BrUsbMdm - ok
13:09:37.0854 2408 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:09:37.0870 2408 BrUsbSer - ok
13:09:37.0885 2408 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:09:37.0917 2408 BTHMODEM - ok
13:09:37.0948 2408 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:09:37.0963 2408 cdfs - ok
13:09:37.0995 2408 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:09:38.0026 2408 cdrom - ok
13:09:38.0041 2408 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:09:38.0073 2408 circlass - ok
13:09:38.0104 2408 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:09:38.0104 2408 CLFS - ok
13:09:38.0166 2408 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:09:38.0182 2408 CmBatt - ok
13:09:38.0197 2408 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:09:38.0197 2408 cmdide - ok
13:09:38.0213 2408 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:09:38.0260 2408 CNG - ok
13:09:38.0275 2408 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:09:38.0291 2408 Compbatt - ok
13:09:38.0307 2408 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:09:38.0338 2408 CompositeBus - ok
13:09:38.0400 2408 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
13:09:38.0400 2408 cpuz134 - ok
13:09:38.0416 2408 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:09:38.0431 2408 crcdisk - ok
13:09:38.0478 2408 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:09:38.0494 2408 DfsC - ok
13:09:38.0509 2408 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:09:38.0541 2408 discache - ok
13:09:38.0572 2408 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:09:38.0572 2408 Disk - ok
13:09:38.0603 2408 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:09:38.0619 2408 drmkaud - ok
13:09:38.0665 2408 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:09:38.0681 2408 DXGKrnl - ok
13:09:38.0743 2408 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:09:38.0790 2408 ebdrv - ok
13:09:38.0821 2408 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:09:38.0837 2408 elxstor - ok
13:09:38.0853 2408 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:09:38.0868 2408 ErrDev - ok
13:09:38.0884 2408 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:09:38.0931 2408 exfat - ok
13:09:38.0946 2408 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:09:38.0993 2408 fastfat - ok
13:09:39.0009 2408 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:09:39.0024 2408 fdc - ok
13:09:39.0055 2408 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:09:39.0055 2408 FileInfo - ok
13:09:39.0071 2408 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:09:39.0102 2408 Filetrace - ok
13:09:39.0118 2408 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:09:39.0118 2408 flpydisk - ok
13:09:39.0133 2408 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:09:39.0149 2408 FltMgr - ok
13:09:39.0165 2408 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:09:39.0180 2408 FsDepends - ok
13:09:39.0180 2408 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:09:39.0196 2408 Fs_Rec - ok
13:09:39.0243 2408 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:09:39.0243 2408 fvevol - ok
13:09:39.0258 2408 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:09:39.0274 2408 gagp30kx - ok
13:09:39.0305 2408 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:09:39.0321 2408 hcw85cir - ok
13:09:39.0336 2408 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:09:39.0367 2408 HdAudAddService - ok
13:09:39.0399 2408 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:09:39.0414 2408 HDAudBus - ok
13:09:39.0430 2408 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:09:39.0445 2408 HidBatt - ok
13:09:39.0461 2408 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:09:39.0492 2408 HidBth - ok
13:09:39.0508 2408 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:09:39.0523 2408 HidIr - ok
13:09:39.0555 2408 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:09:39.0570 2408 HidUsb - ok
13:09:39.0601 2408 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:09:39.0601 2408 HpSAMD - ok
13:09:39.0633 2408 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:09:39.0664 2408 HTTP - ok
13:09:39.0679 2408 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:09:39.0695 2408 hwpolicy - ok
13:09:39.0711 2408 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:09:39.0726 2408 i8042prt - ok
13:09:39.0757 2408 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:09:39.0773 2408 iaStorV - ok
13:09:39.0789 2408 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:09:39.0804 2408 iirsp - ok
13:09:39.0835 2408 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:09:39.0835 2408 intelide - ok
13:09:39.0851 2408 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:09:39.0882 2408 intelppm - ok
13:09:39.0898 2408 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:09:39.0929 2408 IpFilterDriver - ok
13:09:39.0945 2408 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:09:39.0976 2408 IPMIDRV - ok
13:09:39.0991 2408 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:09:40.0038 2408 IPNAT - ok
13:09:40.0054 2408 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:09:40.0069 2408 IRENUM - ok
13:09:40.0085 2408 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:09:40.0085 2408 isapnp - ok
13:09:40.0101 2408 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:09:40.0116 2408 iScsiPrt - ok
13:09:40.0132 2408 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:09:40.0147 2408 kbdclass - ok
13:09:40.0163 2408 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:09:40.0194 2408 kbdhid - ok
13:09:40.0225 2408 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:09:40.0225 2408 KSecDD - ok
13:09:40.0257 2408 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
13:09:40.0272 2408 KSecPkg - ok
13:09:40.0288 2408 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:09:40.0319 2408 ksthunk - ok
13:09:40.0350 2408 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:09:40.0381 2408 lltdio - ok
13:09:40.0413 2408 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:09:40.0428 2408 LSI_FC - ok
13:09:40.0444 2408 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:09:40.0444 2408 LSI_SAS - ok
13:09:40.0459 2408 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:09:40.0475 2408 LSI_SAS2 - ok
13:09:40.0475 2408 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:09:40.0491 2408 LSI_SCSI - ok
13:09:40.0506 2408 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:09:40.0537 2408 luafv - ok
13:09:40.0600 2408 MagicTune (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\Windows\system32\drivers\MTiCtwl.sys
13:09:40.0615 2408 MagicTune - ok
13:09:40.0631 2408 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:09:40.0631 2408 megasas - ok
13:09:40.0647 2408 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:09:40.0662 2408 MegaSR - ok
13:09:40.0678 2408 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:09:40.0709 2408 Modem - ok
13:09:40.0740 2408 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:09:40.0756 2408 monitor - ok
13:09:40.0771 2408 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:09:40.0771 2408 mouclass - ok
13:09:40.0803 2408 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:09:40.0818 2408 mouhid - ok
13:09:40.0834 2408 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:09:40.0849 2408 mountmgr - ok
13:09:40.0865 2408 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:09:40.0865 2408 mpio - ok
13:09:40.0881 2408 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:09:40.0943 2408 mpsdrv - ok
13:09:40.0959 2408 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:09:40.0974 2408 MRxDAV - ok
13:09:41.0021 2408 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:09:41.0037 2408 mrxsmb - ok
13:09:41.0068 2408 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:09:41.0099 2408 mrxsmb10 - ok
13:09:41.0130 2408 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:09:41.0146 2408 mrxsmb20 - ok
13:09:41.0177 2408 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:09:41.0193 2408 msahci - ok
13:09:41.0208 2408 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:09:41.0208 2408 msdsm - ok
13:09:41.0239 2408 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:09:41.0255 2408 Msfs - ok
13:09:41.0271 2408 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:09:41.0317 2408 mshidkmdf - ok
13:09:41.0349 2408 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:09:41.0349 2408 msisadrv - ok
13:09:41.0380 2408 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:09:41.0395 2408 MSKSSRV - ok
13:09:41.0427 2408 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:09:41.0458 2408 MSPCLOCK - ok
13:09:41.0473 2408 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:09:41.0505 2408 MSPQM - ok
13:09:41.0520 2408 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:09:41.0536 2408 MsRPC - ok
13:09:41.0536 2408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:09:41.0551 2408 mssmbios - ok
13:09:41.0567 2408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:09:41.0598 2408 MSTEE - ok
13:09:41.0614 2408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:09:41.0629 2408 MTConfig - ok
13:09:41.0676 2408 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
13:09:41.0692 2408 MTsensor - ok
13:09:41.0723 2408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:09:41.0739 2408 Mup - ok
13:09:41.0770 2408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:09:41.0817 2408 NativeWifiP - ok
13:09:41.0848 2408 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:09:41.0863 2408 NDIS - ok
13:09:41.0895 2408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:09:41.0926 2408 NdisCap - ok
13:09:41.0957 2408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:09:41.0988 2408 NdisTapi - ok
13:09:42.0019 2408 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:09:42.0035 2408 Ndisuio - ok
13:09:42.0066 2408 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:09:42.0097 2408 NdisWan - ok
13:09:42.0129 2408 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:09:42.0160 2408 NDProxy - ok
13:09:42.0175 2408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:09:42.0207 2408 NetBIOS - ok
13:09:42.0238 2408 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:09:42.0285 2408 NetBT - ok
13:09:42.0331 2408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:09:42.0331 2408 nfrd960 - ok
13:09:42.0347 2408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:09:42.0378 2408 Npfs - ok
13:09:42.0394 2408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:09:42.0425 2408 nsiproxy - ok
13:09:42.0472 2408 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:09:42.0503 2408 Ntfs - ok
13:09:42.0519 2408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:09:42.0550 2408 Null - ok
13:09:42.0753 2408 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:09:42.0877 2408 nvlddmkm - ok
13:09:42.0924 2408 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:09:42.0940 2408 nvraid - ok
13:09:42.0971 2408 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:09:42.0987 2408 nvstor - ok
13:09:43.0018 2408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:09:43.0018 2408 nv_agp - ok
13:09:43.0049 2408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:09:43.0065 2408 ohci1394 - ok
13:09:43.0096 2408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:09:43.0096 2408 Parport - ok
13:09:43.0111 2408 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:09:43.0127 2408 partmgr - ok
13:09:43.0143 2408 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:09:43.0158 2408 pci - ok
13:09:43.0174 2408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:09:43.0174 2408 pciide - ok
13:09:43.0189 2408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:09:43.0205 2408 pcmcia - ok
13:09:43.0221 2408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:09:43.0221 2408 pcw - ok
13:09:43.0236 2408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:09:43.0283 2408 PEAUTH - ok
13:09:43.0314 2408 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:09:43.0345 2408 PptpMiniport - ok
13:09:43.0377 2408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:09:43.0392 2408 Processor - ok
13:09:43.0408 2408 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:09:43.0439 2408 Psched - ok
13:09:43.0470 2408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:09:43.0501 2408 ql2300 - ok
13:09:43.0517 2408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:09:43.0533 2408 ql40xx - ok
13:09:43.0533 2408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:09:43.0564 2408 QWAVEdrv - ok
13:09:43.0579 2408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:09:43.0611 2408 RasAcd - ok
13:09:43.0626 2408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:09:43.0657 2408 RasAgileVpn - ok
13:09:43.0704 2408 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:09:43.0767 2408 Rasl2tp - ok
13:09:43.0829 2408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:09:43.0876 2408 RasPppoe - ok
13:09:43.0907 2408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:09:43.0954 2408 RasSstp - ok
13:09:43.0969 2408 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:09:44.0001 2408 rdbss - ok
13:09:44.0110 2408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:09:44.0157 2408 rdpbus - ok
13:09:44.0203 2408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:09:44.0235 2408 RDPCDD - ok
13:09:44.0422 2408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:09:44.0469 2408 RDPENCDD - ok
13:09:44.0500 2408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:09:44.0515 2408 RDPREFMP - ok
13:09:44.0562 2408 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:09:44.0593 2408 RDPWD - ok
13:09:45.0108 2408 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:09:45.0108 2408 rdyboost - ok
13:09:45.0155 2408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:09:45.0186 2408 rspndr - ok
13:09:45.0249 2408 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:09:45.0249 2408 RTL8167 - ok
13:09:45.0280 2408 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:09:45.0295 2408 sbp2port - ok
13:09:45.0389 2408 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
13:09:45.0389 2408 SCDEmu - ok
13:09:45.0436 2408 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:09:45.0467 2408 scfilter - ok
13:09:45.0498 2408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:09:45.0529 2408 secdrv - ok
13:09:45.0545 2408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:09:45.0576 2408 Serenum - ok
13:09:45.0592 2408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:09:45.0607 2408 Serial - ok
13:09:45.0607 2408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:09:45.0623 2408 sermouse - ok
13:09:45.0639 2408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:09:45.0654 2408 sffdisk - ok
13:09:45.0670 2408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:09:45.0685 2408 sffp_mmc - ok
13:09:45.0701 2408 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:09:45.0717 2408 sffp_sd - ok
13:09:45.0732 2408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:09:45.0748 2408 sfloppy - ok
13:09:45.0795 2408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:09:45.0810 2408 SiSRaid2 - ok
13:09:45.0826 2408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:09:45.0841 2408 SiSRaid4 - ok
13:09:45.0857 2408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:09:45.0873 2408 Smb - ok
13:09:45.0904 2408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:09:45.0904 2408 spldr - ok
13:09:45.0951 2408 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:09:45.0966 2408 srv - ok
13:09:45.0982 2408 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:09:46.0013 2408 srv2 - ok
13:09:46.0044 2408 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:09:46.0060 2408 srvnet - ok
13:09:46.0107 2408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:09:46.0122 2408 stexstor - ok
13:09:46.0138 2408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:09:46.0153 2408 swenum - ok
13:09:46.0216 2408 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
13:09:46.0247 2408 Tcpip - ok
13:09:46.0278 2408 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
13:09:46.0309 2408 TCPIP6 - ok
13:09:46.0325 2408 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:09:46.0356 2408 tcpipreg - ok
13:09:46.0372 2408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:09:46.0403 2408 TDPIPE - ok
13:09:46.0419 2408 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:09:46.0450 2408 TDTCP - ok
13:09:46.0465 2408 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:09:46.0512 2408 tdx - ok
13:09:46.0528 2408 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:09:46.0543 2408 TermDD - ok
13:09:46.0559 2408 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:09:46.0590 2408 tssecsrv - ok
13:09:46.0621 2408 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:09:46.0668 2408 tunnel - ok
13:09:46.0684 2408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:09:46.0684 2408 uagp35 - ok
13:09:46.0715 2408 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:09:46.0746 2408 udfs - ok
13:09:46.0762 2408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:09:46.0777 2408 uliagpkx - ok
13:09:46.0793 2408 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:09:46.0809 2408 umbus - ok
13:09:46.0824 2408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:09:46.0840 2408 UmPass - ok
13:09:46.0887 2408 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:09:46.0902 2408 usbaudio - ok
13:09:46.0933 2408 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:09:46.0965 2408 usbccgp - ok
13:09:46.0980 2408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:09:46.0996 2408 usbcir - ok
13:09:47.0043 2408 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:09:47.0058 2408 usbehci - ok
13:09:47.0074 2408 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:09:47.0089 2408 usbhub - ok
13:09:47.0121 2408 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
13:09:47.0136 2408 usbohci - ok
13:09:47.0152 2408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:09:47.0167 2408 usbprint - ok
13:09:47.0214 2408 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:09:47.0230 2408 USBSTOR - ok
13:09:47.0245 2408 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
13:09:47.0261 2408 usbuhci - ok
13:09:47.0277 2408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:09:47.0292 2408 vdrvroot - ok
13:09:47.0308 2408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:09:47.0323 2408 vga - ok
13:09:47.0323 2408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:09:47.0355 2408 VgaSave - ok
13:09:47.0370 2408 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:09:47.0386 2408 vhdmp - ok
13:09:47.0448 2408 VIAHdAudAddService (574b29f436c4c63d37020c6e570a7528) C:\Windows\system32\drivers\viahduaa.sys
13:09:47.0464 2408 VIAHdAudAddService - ok
13:09:47.0495 2408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:09:47.0495 2408 viaide - ok
13:09:47.0511 2408 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:09:47.0526 2408 volmgr - ok
13:09:47.0542 2408 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:09:47.0557 2408 volmgrx - ok
13:09:47.0589 2408 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:09:47.0604 2408 volsnap - ok
13:09:47.0667 2408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:09:47.0682 2408 vsmraid - ok
13:09:47.0698 2408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:09:47.0713 2408 vwifibus - ok
13:09:47.0729 2408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:09:47.0760 2408 WacomPen - ok
13:09:47.0791 2408 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:09:47.0823 2408 WANARP - ok
13:09:47.0838 2408 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:09:47.0854 2408 Wanarpv6 - ok
13:09:47.0885 2408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:09:47.0885 2408 Wd - ok
13:09:47.0901 2408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:09:47.0932 2408 Wdf01000 - ok
13:09:47.0947 2408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:09:47.0979 2408 WfpLwf - ok
13:09:47.0994 2408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:09:48.0010 2408 WIMMount - ok
13:09:48.0041 2408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:09:48.0057 2408 WmiAcpi - ok
13:09:48.0072 2408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:09:48.0103 2408 ws2ifsl - ok
13:09:48.0135 2408 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:09:48.0166 2408 WudfPf - ok
13:09:48.0197 2408 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:09:48.0228 2408 WUDFRd - ok
13:09:48.0259 2408 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
13:09:48.0259 2408 xusb21 - ok
13:09:48.0291 2408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:09:48.0431 2408 \Device\Harddisk0\DR0 - ok
13:09:48.0447 2408 Boot (0x1200) (9b20c40bdc1f878ad738c94b16827e76) \Device\Harddisk0\DR0\Partition0
13:09:48.0447 2408 \Device\Harddisk0\DR0\Partition0 - ok
13:09:48.0478 2408 Boot (0x1200) (abcd5a1c179b6ae801a87684076053be) \Device\Harddisk0\DR0\Partition1
13:09:48.0493 2408 \Device\Harddisk0\DR0\Partition1 - ok
13:09:48.0493 2408 ============================================================
13:09:48.0493 2408 Scan finished
13:09:48.0493 2408 ============================================================
13:09:48.0509 1064 Detected object count: 0
13:09:48.0509 1064 Actual detected object count: 0



OTL logfile created on: 12/30/2011 12:54:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rob\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 72.41% Memory free
7.99 Gb Paging File | 6.93 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 522.05 Gb Free Space | 56.05% Space Free | Partition Type: NTFS

Computer Name: HAL | User Name: rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 12:51:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rob\Desktop\OTL.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/08/04 03:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/07/10 21:00:36 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/05/10 07:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/05/10 07:04:07 | 000,287,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/05/10 07:02:41 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/05/10 06:59:59 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/05/10 06:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 06:59:37 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/04 04:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 03:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/09 16:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/06/23 08:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/17 06:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/11/04 16:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1848388935-2177632735-2747144269-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1848388935-2177632735-2747144269-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 70 B4 F2 7D C5 CC 01 [binary data]
IE - HKU\S-1-5-21-1848388935-2177632735-2747144269-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.044
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/13 11:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 11:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 22:42:02 | 000,000,000 | ---D | M]

[2010/11/03 13:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Extensions
[2011/12/26 21:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\ap3ji7so.default\extensions
[2011/11/09 11:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AP3JI7SO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AP3JI7SO.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI
[2011/11/09 11:10:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 10:48:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 11:10:26 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/30 12:46:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe ()
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1848388935-2177632735-2747144269-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1848388935-2177632735-2747144269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1848388935-2177632735-2747144269-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F05E3729-D87E-430A-B023-128CD4DDC954}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 12:51:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\rob\Desktop\OTL.exe
[2011/12/30 12:48:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/30 12:46:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/30 12:40:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/30 12:40:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/30 12:40:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/30 12:39:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/30 12:39:08 | 004,356,838 | R--- | C] (Swearware) -- C:\Users\rob\Desktop\ComboFix.exe
[2011/12/30 11:42:29 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rob\Desktop\TDSSKiller.exe
[2011/12/30 11:27:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\rob\Desktop\dds.scr
[2011/12/27 11:45:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\rob\Desktop\TFC.exe
[2011/12/26 21:22:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/15 13:52:48 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Malwarebytes
[2011/12/15 13:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/15 13:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/15 13:52:40 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/15 13:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/15 13:49:03 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rob\Desktop\iexplore.com (2).exe
[2011/12/15 01:22:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\rob\Desktop\mbam-setup-1.51.2.1300.exe

========== Files - Modified Within 30 Days ==========

[2011/12/30 12:53:09 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 12:53:09 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 12:52:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 12:51:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rob\Desktop\OTL.exe
[2011/12/30 12:49:50 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/30 12:49:50 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/30 12:49:50 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/30 12:46:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/30 12:46:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 12:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/30 12:45:33 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 12:39:10 | 004,356,838 | R--- | M] (Swearware) -- C:\Users\rob\Desktop\ComboFix.exe
[2011/12/30 11:42:56 | 001,558,406 | ---- | M] () -- C:\Users\rob\Desktop\tdsskiller.zip
[2011/12/30 11:27:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\rob\Desktop\dds.scr
[2011/12/30 10:35:54 | 000,011,356 | -HS- | M] () -- C:\ProgramData\yum55ut57bq3aelnhtja763377i6hki453v50volgo6
[2011/12/30 10:35:53 | 000,011,356 | -HS- | M] () -- C:\Users\rob\AppData\Local\yum55ut57bq3aelnhtja763377i6hki453v50volgo6
[2011/12/29 01:38:13 | 166,733,842 | ---- | M] () -- C:\Users\rob\Desktop\Big Sean - Dance (A_) Remix ft. Nicki Minaj.flv
[2011/12/28 10:58:49 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/27 11:45:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\rob\Desktop\TFC.exe
[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rob\Desktop\TDSSKiller.exe
[2011/12/21 01:28:28 | 000,000,894 | ---- | M] () -- C:\Users\rob\Desktop\casal no pau - Shortcut.lnk
[2011/12/20 03:16:47 | 000,000,000 | ---- | M] () -- C:\Users\rob\defogger_reenable
[2011/12/15 13:52:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 01:26:22 | 001,008,141 | ---- | M] () -- C:\Users\rob\Desktop\iExplore.com.exe
[2011/12/15 01:23:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\rob\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/13 10:41:02 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rob\Desktop\iexplore.com (2).exe

========== Files Created - No Company Name ==========

[2011/12/30 12:40:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/30 12:40:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/30 12:40:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/30 12:40:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/30 12:40:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/30 11:42:20 | 001,558,406 | ---- | C] () -- C:\Users\rob\Desktop\tdsskiller.zip
[2011/12/30 05:21:26 | 000,011,356 | -HS- | C] () -- C:\Users\rob\AppData\Local\yum55ut57bq3aelnhtja763377i6hki453v50volgo6
[2011/12/30 05:21:26 | 000,011,356 | -HS- | C] () -- C:\ProgramData\yum55ut57bq3aelnhtja763377i6hki453v50volgo6
[2011/12/29 01:35:39 | 166,733,842 | ---- | C] () -- C:\Users\rob\Desktop\Big Sean - Dance (A_) Remix ft. Nicki Minaj.flv
[2011/12/21 01:28:28 | 000,000,894 | ---- | C] () -- C:\Users\rob\Desktop\casal no pau - Shortcut.lnk
[2011/12/20 03:16:47 | 000,000,000 | ---- | C] () -- C:\Users\rob\defogger_reenable
[2011/12/15 13:52:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 01:26:13 | 001,008,141 | ---- | C] () -- C:\Users\rob\Desktop\iExplore.com.exe
[2011/08/03 12:16:48 | 000,000,000 | ---- | C] () -- C:\Users\rob\AppData\Local\{BF78D875-3ACD-4E8B-A7DE-DA8ED875F65F}
[2011/07/05 23:57:11 | 000,000,091 | ---- | C] () -- C:\Users\rob\AppData\Local\fusioncache.dat
[2011/07/05 22:27:02 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/06 05:28:01 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/06/06 05:28:01 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/11/04 16:35:03 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/11/03 15:17:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/03 15:17:32 | 000,033,599 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/03 11:12:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/02/21 06:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe

========== LOP Check ==========

[2011/02/07 04:06:33 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\AVG10
[2010/12/23 20:03:06 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\calibre
[2011/02/16 20:45:04 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\RIFT
[2011/11/13 04:12:23 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\uTorrent
[2011/09/05 10:27:29 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\WSOP-USA.com
[2011/09/25 16:22:14 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 12/30/2011 12:54:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rob\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 72.41% Memory free
7.99 Gb Paging File | 6.93 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 522.05 Gb Free Space | 56.05% Space Free | Partition Type: NTFS

Computer Name: HAL | User Name: rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1848388935-2177632735-2747144269-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F2DEFE25-83D8-55D0-AF90-BF25ED8360DA}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB0F5549-0EEE-4421-A1B2-08FB1468D7F1}" = calibre
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"avast" = avast! Free Antivirus
"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.14.00.802
"FLV Player2.0.25" = FLV Player
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"Steam App 440" = Team Fortress 2
"Ultra Video Joiner_is1" = Ultra Video Joiner 5.2.0104
"uTorrent" = µTorrent
"World of Warcraft" = World of Warcraft
"WSOP-USA.com" = WSOP-USA.com
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 11:59:49 AM | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/9/2011 12:34:43 PM | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/10/2011 8:52:10 AM | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/10/2011 7:55:19 PM | Computer Name = HAL | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 8:34:27 PM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.240.7, time stamp:
0x4d4a0b98 Faulting module name: java.dll, version: 6.0.240.7, time stamp: 0x4d4a3fad
Exception
code: 0xc0000005 Fault offset: 0x00004e2f Faulting process id: 0x9fc Faulting application
start time: 0x01cc5ae316554fbc Faulting application path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Faulting
module path: C:\Program Files (x86)\Java\jre6\bin\java.dll Report Id: 548266c7-c6d6-11e0-979b-20cf30b00adb

Error - 8/29/2011 3:20:02 PM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e384ca8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e42e61d Exception code: 0xc0000005 Fault offset: 0x70b5e649 Faulting
process id: 0xe1c Faulting application start time: 0x01cc66795df52c29 Faulting application
path: c:\program files (x86)\steam\steamapps\randec420\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: e4933969-d273-11e0-978f-20cf30b00adb

Error - 9/13/2011 11:24:37 AM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 6.0.2.4262,
time stamp: 0x4e616378 Faulting module name: mozalloc.dll, version: 6.0.2.4262,
time stamp: 0x4e6153cf Exception code: 0x80000003 Fault offset: 0x00001a39 Faulting
process id: 0xdbc Faulting application start time: 0x01cc7225406c70e4 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: 7d272336-de1c-11e0-b48c-20cf30b00adb

Error - 10/14/2011 12:12:43 AM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application name: java.exe, version: 6.0.260.3, time stamp:
0x4dc11607 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x000a1c9d Faulting process id:
0xfcc Faulting application start time: 0x01cc8a2785afd950 Faulting application path:
C:\Program Files (x86)\Java\jre6\bin\java.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: c36351c3-f61a-11e0-9238-20cf30b00adb

Error - 10/14/2011 12:12:52 AM | Computer Name = HAL | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a80 Start
Time: 01cc8a264719b09c Termination Time: 56 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: c14a06d6-f61a-11e0-9238-20cf30b00adb

Error - 12/15/2011 4:27:43 PM | Computer Name = HAL | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 5/13/2011 1:31:55 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405


< End of report >

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 13:15:03
-----------------------------
13:15:03.610 OS Version: Windows x64 6.1.7600
13:15:03.610 Number of processors: 4 586 0x403
13:15:03.611 ComputerName: HAL UserName: rob
13:15:04.323 Initialize success
13:15:04.368 AVAST engine defs: 11123000
13:15:07.457 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:15:07.458 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
13:15:07.479 Disk 0 MBR read successfully
13:15:07.481 Disk 0 MBR scan
13:15:07.483 Disk 0 Windows 7 default MBR code
13:15:07.486 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:15:07.493 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
13:15:07.496 Service scanning
13:15:08.738 Modules scanning
13:15:08.741 Disk 0 trace - called modules:
13:15:08.745 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:15:08.748 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049e6790]
13:15:08.751 3 CLASSPNP.SYS[fffff88000c5d43f] -> nt!IofCallDriver -> [0xfffffa80048af9b0]
13:15:08.755 5 ACPI.sys[fffff88000f18781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004970060]
13:15:09.335 AVAST engine scan C:\Windows
13:15:11.308 AVAST engine scan C:\Windows\system32
13:15:54.225 AVAST engine scan C:\Windows\system32\drivers
13:15:59.238 AVAST engine scan C:\Users\rob
13:18:02.104 AVAST engine scan C:\ProgramData
13:18:25.575 Scan finished successfully
13:19:20.918 Disk 0 MBR has been saved successfully to "C:\Users\rob\Desktop\MBR.dat"
13:19:20.923 The log file has been saved successfully to "C:\Users\rob\Desktop\aswMBR.txt"


If i've missed posting any logs please just let me know because my screen is very bad right now and it's hard to work.

Also, during this I received the following message.

C:\Program Files\ MagicTune Premium\MagicTune.exe

Illegal operation on a registry key marked for deletion.

Edited by randec, 30 December 2011 - 02:24 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users